CVE-2006-6504 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2006-6504?

CVE-2006-6504 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2006-6504?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Canonical Ubuntu Linux.

Vulnerability Description

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	>= 1.5, < 1.5.0.9
Mozilla	Seamonkey	< 1.0.7
Canonical	Ubuntu Linux	5.10

Related Weaknesses (CWE)

CWE-94

References

ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.ascBroken Link
http://fedoranews.org/cms/node/2297Broken Link
http://fedoranews.org/cms/node/2338Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742Broken Link
http://rhn.redhat.com/errata/RHSA-2006-0758.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2006-0759.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2006-0760.htmlThird Party Advisory
http://secunia.com/advisories/23282Third Party Advisory
http://secunia.com/advisories/23422Third Party Advisory
http://secunia.com/advisories/23433Third Party Advisory
http://secunia.com/advisories/23439Third Party Advisory
http://secunia.com/advisories/23440Third Party Advisory
http://secunia.com/advisories/23468Third Party Advisory
http://secunia.com/advisories/23514Third Party Advisory
http://secunia.com/advisories/23545Third Party Advisory

FAQ

What is CVE-2006-6504?

CVE-2006-6504 is a vulnerability with a CVSS score of 9.3 (HIGH). Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document,...

How severe is CVE-2006-6504?

CVE-2006-6504 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-6504?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Canonical Ubuntu Linux.